#Moxie Marlinspike
nando161mando · 1 year
Text
If the federal government had access to every email you've ever written and every phone call you've ever made, it's almost certain that they could find something you've done which violates a provision in the 27,000 pages of federal statutes or 10,000 administrative regulations. You probably do have something to hide, you just don't know it yet.
-- Moxie Marlinspike
3 notes · View notes
orbitbrain · 2 years
Text
Surveillance 'Existential' Danger of Tech: Signal Boss
By AFP on November 05, 2022

The mysticism that has allowed tech firms to make billions of dollars from surveillance is finally clearing, the boss of encrypted messaging app Signal told AFP. Meredith Whittaker, who spent years working for Google before helping to organise a staff walkout in 2018 over working conditions,…
2 notes · View notes
mariacallous · 1 year
Text
For 20 years, the only way to really communicate privately was to use a widely hated piece of software called Pretty Good Privacy. The software, known as PGP, aimed to make secure communication accessible to the lay user, but it was so poorly designed that even Edward Snowden messed up his first attempt to use PGP to email a friend of Laura Poitras. It also required its users to think like engineers, which included participating in exceptionally nerdy activities like attending real-life “key-signing parties” to verify your identity to other users. Though anyone could technically use PGP, the barrier to entry was so high that only about 50,000 people used it at its peak, meaning that privacy itself was out of reach for most.
These days, to talk to a friend securely, all you have to do is download a free app. For a certain set, that app will be Signal. Snowden and Elon Musk have recommended it; it’s been name-dropped on big-budget shows like House of Cards, Mr. Robot, and Euphoria, and its users include journalists, members of the White House, NBA players, Black Lives Matter activists, and celebrities trying to get their hands on Ozempic. Its founder has been profiled by The New Yorker and appeared on Joe Rogan’s podcast. A tiny organization with virtually no marketing budget has become synonymous with digital privacy in the public imagination.
Technology can be deeply shaped by the personal inclinations of a founder. Facebook’s light-fingeredness with user data is inseparable from its roots in Zuckerberg’s dorm room as an app for ranking women by their looks; Apple’s minimalist design was influenced by Jobs’ time spent practicing Zen Buddhism. Signal is no different. During its formative years, the charismatic face of Signal was Moxie Marlinspike, a dreadlocked anarchist who spent his time sailing around the world, living in punk houses, and serving free food to the unhoused. He led every aspect of Signal’s development for almost a decade, at one point complaining, “I was writing all the Android code, was writing all of the server code, was the only person on call for the service, was facilitating all product development, and was managing everyone. I couldn’t ever leave cell service.”
In the field of cryptography, Marlinspike is considered the driving force behind bringing end-to-end encryption—the technology underlying Signal—to the real world. In 2017, Marlinspike and his collaborator, Trevor Perrin, received the Levchin Prize, a prominent prize for cryptographers, for their work on the Signal Protocol. Afterward, Dan Boneh, the Stanford professor who chaired the award committee, commented that he wasn’t sure that end-to-end encryption would have become widespread without Marlinspike’s work. At the very least, “it would have taken many more decades,” he said.
The motivations that led to end-to-end encryption going mainstream lie far out on the political fringe. The original impetus for Marlinspike’s entry into cryptography, around 2007, was to challenge existing power structures, particularly the injustice of how (as he put it) “Internet insecurity is used by people I don’t like against people I do: the government against the people.” But sticking to anarchism would imply an almost certain defeat. As Marlinspike once noted, the “trail of ideas that disappears into the horizon behind me is completely and utterly mined over with failures … Anarchists are best known for their failures.”
For an idealistic engineer to succeed, he will have to build something that is useful to many. So there has also been an unusually pragmatic bent to Signal’s approach. Indeed, in many interviews, Marlinspike has taken a mainstream stance, insisting that “Signal is just trying to bring normality to the internet.” Signal’s success depends on maintaining its principled anarchist commitments while finding a wide-ranging appeal to the masses, two goals that might seem at odds. Examining how the app navigates this tension can help us understand what might come next in Signal’s new quest to reach “everyone on the planet.”
Released after WhatsApp set the standards for messaging, Signal’s problem has always been how to keep up with its competition—a fine dance between mimicry (so as to seem familiar to new users) and innovation (to poach users from its competitors). Signal started off by copying WhatsApp's user experience, while at the same time pioneering end-to-end encryption, a feature that WhatsApp turned around and copied from Signal. Throughout this evolutionary dance, Signal has managed to maintain an unusual focus on the autonomy of the individual, a wariness of state authority, and an aversion to making money, characteristics that are recognizably anarchist.
Because a small fringe of cypherpunks, Marlinspike included, came to see cryptography as a way to remedy the imbalance of power between the individual and the state, Signal focused on getting end-to-end encryption on messages and calls absolutely right. With Signal, no one can read your messages. Amazon can’t, the US government can’t, Signal can’t. The same is true for voice calls and metadata: A user’s address book and group chat titles are just as safe. Signal knows basically nothing about you, other than your phone number (which is not mapped to your username), the time you created your account, and the time you last used the app. Your data can’t be sold to others or cause ads to follow you around on the internet. Using Signal is just like talking with your friend in the kitchen.
Because Signal is committed to retaining as little metadata as possible, that makes it hard for it to implement new features that are standard to other apps. Signal is essentially footing the cost of this commitment in engineer-hours, since implementing popular features like group chats, address books, and stickers all required doing novel research in cryptography. That Signal built them anyway is a testament to its desire for mass appeal.
Signal also pioneered features that gave individuals more autonomy over their information, such as disappearing messages (which WhatsApp later adopted) and a feature that let users blur faces in a photo (which it rapidly rolled out to support the Black Lives Matter protests). At the same time, Signal has garnered users' trust because its code is open source, so that security researchers can verify that its end-to-end encryption is as strong as the organization claims.
For the ordinary user, though, individual autonomy and privacy may not be as important. On WhatsApp, users accept that it will be very hard to figure out what exactly the app knows about you and who it might be shared with. Users’ information is governed by an ever-shifting labyrinth of grudging caveats and clauses like “we will share your transaction data and IP address with Facebook” and “we can’t see your precise location, but we’ll still try to estimate it as best as we can” and “we will find out if you click on a WhatsApp share button on the web.” WhatsApp is also closed-source, so its code can’t be audited. If using Signal is like talking in a friend’s kitchen, using WhatsApp is like meeting at a very loud bar—your conversation is safe, but you’re exposed, and you’ll have to pay for your place.
If you’re not an anarchist, you may be less worried about a shadowy state and more worried about actual people you know. People in your community might be harassing you in a group chat, an abusive ex might be searching your chats for old photos to leak, or your child might have gotten access to your unlocked phone. WhatsApp’s features better support a threat model that is sensitive to interpersonal social dynamics: You can leave groups silently, block screenshots for view-once messages, and lock specific chats. WhatsApp can even view the text of end-to-end encrypted messages that have been reported by a user for moderation, whereas Signal has no moderation at all.
Idealists have called centralization one of the main ills of the internet because it locks users into walled gardens controlled by authoritarian companies. In a great stroke of pragmatism, Signal chose to be centralized anyway. Other encrypted-messaging apps like Matrix offer a federated model akin to email, in which users across different servers can still communicate through a shared protocol. (Someone on Gmail can still email someone on Yahoo, whereas someone on Facebook Messenger can’t contact someone on Signal.) This federated approach more closely mirrors anarchy; it could theoretically be better, because there would be no single point of failure and no single service provider for a government to pressure. But federated software creates a proliferation of different clients and servers for the same protocol, making it hard to upgrade. Users are already used to centralized apps that behave like Facebook or Twitter, and email has already become centralized into a few main service providers. It turns out that being authoritarian is important for maintaining a consistent user experience and a trusted brand, and for rolling out software updates quickly. Even anarchism has its limits.
What Signal has accomplished so far is impressive. But users famously judge software not on how much it can do, but on how much it can’t. In that spirit, it’s time to complain.
Because of Signal’s small team, limited funding, and the challenges of implementing features under end-to-end encryption, the app bafflingly lacks a number of important features. It doesn’t have encrypted backups for iOS; messages can only be transferred between phones. If you lose your iPhone, you lose all your Signal chat history.
Signal also doesn’t do a good job serving some of its core users. Activists and organizers deal with huge amounts of messages that involve many people and threads, but Signal’s interface lacks ways to organize all this information. These power users’ group chats become so unwieldy that they migrate to Slack, losing the end-to-end encryption that brought them to Signal in the first place. It’s common to try and make multiple group chats between the same people to manage all their threads. When users are hacking “desire paths” into your interface to create a new feature, or leaving because of the lack of the feature, that’s a strong hint that something is missing.
WhatsApp and Telegram, on the other hand, are leading the way on defining how group chats can scale up. WhatsApp “communities” gather different private group chats in one place, better mimicking the organization of a neighborhood or school that may be discussing several things at once. Telegram’s social media “channel” features are better for broadcasting info en masse, though Telegram’s lack of moderation has been blamed for attracting the kind of fringe crowd that has been banned from all other platforms.
It's no exaggeration to say that small features in a chat app encode different visions of how society should be organized. If the first reacji in the palette was a thumbs down rather than a heart, maybe we would all be more negative, cautious people. What kind of social vision did Signal arise from?
“Looking back, I and everyone I knew was looking for that secret world hidden in this one,” Marlinspike admitted in a 2016 interview. A key text in anarchist theory describes the idea of a “temporary autonomous zone,” a place of short-term freedom where people can experiment with new ways to live together outside the confines of current social norms. Originally coined to describe “pirate utopias” that may be apocryphal, the term has since been used to understand the life and afterlife of real-world DIY spaces like communes, raves, seasteads, and protests. And Signal is, unmistakably, a temporary autonomous zone that Marlinspike has spent almost a decade building.
Because temporary autonomous zones create spaces for the radical urges that society represses, they keep life in the daytime more stable. They can sometimes make money in the way that nightclubs and festivals do. But temporary autonomous zones are temporary for a reason. Over and over, zone denizens make the same mistake: They can’t figure out how to interact productively with the wider society. The zone often runs out of money because it exists in a world where people need to pay rent. Success is elusive; when a temporary autonomous zone becomes compelling enough to threaten daytime stability, it may be violently repressed. Or the attractive freedoms offered by the zone may be taken up in a milder form by the wider society, and eventually the zone ceases to exist because its existence has pressured wider society to be a little more like it. What kind of end might Signal come to?
There are reasons to think that Signal may not be around for very long. The nonprofit’s blog, meant to convince us of the elite nature of its engineers, has the unintentional effect of conveying the incredible difficulty of building any new software feature under end-to-end encryption. Its team numbers roughly 40; Marlinspike has just left the organization. Achieving impossible feats may be fun for a stunt hacker with something to prove, but competing with major tech companies’ engineering teams may not be sustainable for a small nonprofit with Marlinspike no longer at the helm.
Fittingly for an organization formerly led by an anarchist, Signal lacks a sustainable business model, to the point where you might almost call it anti-capitalist. It has survived so far in ways that don’t seem replicable, and that may alienate some users. Signal is largely funded by a big loan from a WhatsApp founder, and that loan has already grown to $100 million. It has also accepted funding from the US government through the Open Technology Fund. Because Signal can’t sell its users’ data, it has recently begun developing a business model based on directly providing services to users and encouraging them to donate to Signal in-app. But to get enough donations, the nonprofit must grow from 40 million users to 100 million. The company’s aggressive pursuit of growth, coupled with lack of moderation in the app, has already led Signal employees themselves to publicly question whether growth might come from abusive users, such as far-right groups using Signal to organize.
But there are also reasons for hope. So far, the most effective change that Signal has created is arguably not the existence of the app itself, but making it easy for WhatsApp to bring Signal-style end-to-end encryption to billions of users. Since WhatsApp’s adoption, Facebook Messenger, Google’s Android Messages, and Microsoft’s Skype have all adopted the open source Signal Protocol, though in milder forms, as the history of temporary autonomous zones would have us guess. Perhaps the existence of the Signal Protocol, coupled with demand from increasingly privacy-conscious users, will encourage better-funded messaging apps to compete against each other to be as encrypted as possible. Then Signal would no longer need to exist. (In fact, this resembles Signal’s original theory of change, before they decided they would rather compete with mainstream tech companies.)
Now, as the era of the global watercooler ends, small private group chats are becoming the future of social life on the internet. Signal started out a renegade, a pirate utopia encircled by cryptography, but the mainstream has become—alarmingly quickly—much closer to the vision Signal sought. In one form or another, its utopia just might last.
9 notes · View notes
hackernewsrobot · 1 month
Text
Moxie Marlinspike: Agile is killing software innovation
https://www.theregister.com/2024/08/09/marlinspike/
0 notes
ericvanderburg · 1 month
Text
Agile is Killing Software Innovation, Says Moxie Marlinspike
http://i.securitythinkingcap.com/TBjzvv
0 notes
Text
ICYMI: Black Hat Announces Jen Easterly, Hans de Vries, Felicity Oswald OBE, and Moxie Marlinspike as Keynote Speakers for Black Hat USA 2024 http://dlvr.it/T9VhGz
0 notes
levysoft · 1 year
Link
Who is Moxie Marlinspike and why he left Signal after creating it
Exactly one year after achieving international fame, Moxie Marlinspike has stepped down as chief executive of Signal, the pro-privacy messaging application he himself founded.
It was January 2021 when rival WhatsApp, following a questionable change to its terms of use, was overwhelmed by controversy. Besides Telegram, it was Signal that took advantage of the criticism of the Facebook-owned platform; it also benefited from a supportive tweet from the ever-present Elon Musk and suddenly began climbing the charts of the digital stores.
Of course, the numbers are still small: with its 40 million users, Signal pales next to Telegram (550 million) and above all WhatsApp (2 billion). The most important element of the platform founded by Marlinspike, however, is something else: while WhatsApp collects up to 9 different types of information about its users and Telegram too (whose communications, moreover, are not encrypted by default) collects 3, Signal takes possession of no data at all. A demonstration of this characteristic came in 2016: the FBI subpoenaed Signal to force it to provide a person's data, but the platform was only able to reveal when that user had signed up and when they had last logged in. Nothing else, because it knew nothing else.
Another characteristic aspect of Signal is its business model: it collects no data, has no advertising, and offers no paid premium tools. All the money needed to run the platform (and to pay the salaries of about thirty employees) comes from voluntary donations and from the interest-free loan of 50 million dollars received from Brian Acton, founder of WhatsApp, who has long worked closely with Marlinspike and who will take over as interim chief executive.
In the post announcing his departure, Signal's founder explained that the search for the new CEO is under way, specifying however that he has undiminished confidence in the “unlimited potential of Signal”, that he considers this platform “extremely important” and that he wants to keep a seat on the board of directors.
The (probable) reasons for the departure
So why did he decide to leave? On this, Marlinspike has given no information. And the opposite would have been strange, considering how (predictably) protective he is of his private life. Of his origins it is known that he was born in the early 1980s in the US state of Georgia and that in his youth he was an anarchist activist, but fortunately there is Google: from which, among other things, one learns the real name of Signal's founder: Moxie Marlinspike is actually named Matthew Rosenfeld.
After moving to San Francisco in the 1990s and earning a certain reputation as a hacker, he first devised the encrypted communications tool Whisper System (later sold to Twitter) and then created the non-profit Open Whisper System. It was in this period that Marlinspike himself created the fundamental TextSecure protocol: an application of end-to-end encryption that guarantees interception-proof communications and that, over time, has been adopted by WhatsApp, Skype and others.
An app liked by the good and the bad
In 2014, finally, Signal was born, and it quickly established itself among privacy advocates as the only completely secure application. This reputation is accompanied by the inevitable accusations of being a platform that plays into the hands of criminals, allowing them to communicate shielded from any prying eyes. However, it is not only the ill-intentioned who take advantage of this platform's security: the staff of the European Commission use Signal to protect their communications, and even the UN has recommended its use for sending journalists and NGOs evidence of abuses committed by totalitarian regimes.
The issue of the dark sides of privacy, however, has recently resurfaced even among Signal's own employees, worried that the company is (as expert Casey Newton summarized on Platformer) “playing with fire”. The reason is the integration, announced without much fanfare in mid-November, of the cryptocurrency MobileCoin, already available today to all Signal users, which makes it possible to send completely anonymous digital payments. “I would like us to live in a world where you can feel privacy not only when you talk to your psychoanalyst on Signal, but also when you pay them through Signal,” Marlinspike had explained at the time. The problem is that the same privacy is also guaranteed when someone pays for, to give an example, narcotics or other illicit material and services. The risk, in short, is that Signal turns into a new version of Silk Road, the notorious black market of the Dark Web.
The issue worries, as mentioned, Signal's own employees, who think the company could suffer heavy legal repercussions. Precedents, moreover, show how legislators have always strongly opposed the introduction of anonymous payments on communication platforms: Telegram had to abandon its cryptocurrency after a legal battle lasting years; the smaller Kik Messenger did the same and, as is well known, even Facebook had enormous headaches in creating Libra (later renamed Diem).
Cryptocurrencies themselves may have played a role in Moxie Marlinspike's departure: not only have there been rumors of a possible move to the company that manages MobileCoin, but above all it was Signal's founder himself who showed very great interest in Web3, to which he devoted a long post on his personal blog. All of this has been denied by a source close to Marlinspike, according to whom, at the moment, Signal's founder is only interested in “taking a break”.
This article was revised on 13 January 2022 at 11:14, adding Marlinspike's real name.
1 note · View note
jhavelikes · 1 year
Quote
Sometimes I think about my life as a series of schemes, plans, plots, and experiments. Everything I've tried, every hare-brained scheme I've hatched, every implausible thought I've run with up until this moment. And if I'm really honest with myself, the trail of ideas that disappears into the horizon behind me is completely and utterly mined over with failures. Comic failures, tragic failures, dramatic failures — failures of all types.
Moxie Marlinspike >> Stories >> The Promise Of Defeat
0 notes
sandyzakk · 1 year
Text
Cyber Threat Prediction in Metaverse Space: Metaverse or Metaverse?
The term “metaverse” was first used in Neal Stephenson’s 1992 cyberpunk novel Snow Crash. The novel depicts a virtual world that can be explored using an avatar, providing the player with a fully immersive experience. Similar worlds can now be found in massively multiplayer online role-playing games (MMORPGs) such as Roblox, Minecraft, Fortnite, and Second Life, which are depicted in Snow Crash. I have to say that it is still far from an immersive experience.
In the latest conception, the metaverse consists of multiple virtual spaces that are independent but connected. This makes it impossible for one company to build the entire metaverse on its own. Even with an optimistic outlook, it will take 5–10 years for a full-fledged metaverse to fully roll out. Metaverse games and applications already exist, such as Decentraland, Crypto Voxels, Minecraft, and Second Life, but they are primarily designed for gamers rather than the general public. In the future, Trend Micro believes that everyday activities such as remote work, entertainment, education, and shopping will take place in the next generation of Metaverse-like applications. Many of these applications naturally share cyberspace. Ultimately, as the underlying technologies (hardware, software, network infrastructure, and ubiquity) mature, it will morph into a single metaverse. In this shared space, users can easily switch between applications and access the Metaverse using a wide variety of hardware.
But the Metaverse also attracts crimes that exploit its unique characteristics. This blog provides an overview, and a research paper provides more details.
What exactly is the Metaverse?
There are many opinions about what the Metaverse is and how it fits into the Internet picture. Trend Micro has created the following interim definitions to aid research:
The Metaverse is a cloud-distributed, multi-vendor, immersive interactive operating environment that users can access using a diverse category of connected devices, both static and mobile. The Metaverse uses Web 2.0 and Web 3.0 technologies to implement an interaction layer over the existing Internet. Metaverse is proposed as an open platform for working and gaming within VR/AR/MR/XR environments. This is a similar concept to existing MMORPG platforms, but while MMORPGs each represent their own single virtual world, the Metaverse allows players to seamlessly move between multiple virtual spaces with their virtual assets. The Metaverse is not just a platform for human users. It is also the communication layer of smart city devices, which allows humans and AI to share information.
In essence, the Metaverse will be the Internet of Experiences (IoX). However, it is to be expected that this definition will evolve as the concept of the metaverse evolves.
What Threats Affect the Metaverse?
Predicting cyber threats to a product space that does not yet exist and may or may not exist in the form we imagine it to be is difficult. With this in mind, Trend Micro has consulted to better understand the Metaverse and identify threats to and within the Metaverse.
NFTs
Various opinions have been expressed about the use of non-fungible tokens (NFTs) within the metaverse. An NFT is a unique unit of data that is recorded on a blockchain and can be traded. NFT data can include hashes and links to digital files (text, photos, video, audio, etc.) to verify ownership of digital assets. NFTs manage asset ownership but do not store assets, exposing users to threats such as ransomware attacks. Once the files are encrypted by the ransomware, the NFT owner will not be able to access the files. Additionally, assets can be effectively stolen if the underlying blockchain is vulnerable to Sybil attacks.
Scammers can also mimic NFTs by subtly tampering with a few bits of data in “protected” files to sell essentially the same digital asset. As demonstrated by Moxie Marlinspike, assets can also be manipulated by modifying the content returned from the URL stored within the NFT.
In addition, there are security issues around asset transfers. Moving digital assets between metaverse development solutions spaces incurs costs. This is because assets must be validated, and incompatible assets must be “converted” before they can technically be used on different platforms. Asset brokers are used for this, but scammers posing as asset brokers can trick users.
Until best practices and rules are established, virtual trading routes risk becoming lawless. If it is firmly rooted in blockchain technology, it will be an inherently chaotic market. There is no clear government agency or legal entity to help in the event of fraud. Existing attacks such as phishing and drive-by downloads are also more effective because of the trust that this interactive space creates.
Darkverse
The Darkverse will be similar to the Dark Web and will be an anonymous space for malicious users to interact. This pseudo-physical entity mimics the real-life space used for clandestine meetings and is suitable for criminals to facilitate illegal activities. On the other hand, it can also be a safe space to speak freely against oppressive groups and governments.
The world of Darkverse can be configured to be accessible only when the user is in a designated physical location. Doing so protects a closed metaverse community. The use of location-based and proximity messages will make it difficult for Law Enforcement Agencies (LEAs) to intercept Metaverse data.
The Darkverse is particularly problematic because serious crimes such as child pornography are already a big problem on the Internet. Such crimes are poorly defined from a legal standpoint and are extremely difficult for the LEA to police in the virtual space.
Financial fraud
The high volume of e-commerce transactions in the metaverse makes them attractive to criminals looking to steal money and digital assets. In the Metaverse, a new digital economy (using Bitcoin, Ethereum, cash, PayPal, e-Transfer, etc.) will operate, and exchange rates will be controlled by a free (and possibly chaotic) market. This makes it an easy target for criminals looking to manipulate the market. A company that exists only in the metaverse does not belong to any jurisdiction and may be able to avoid income tax. Metaverse investors may also be victims of investment and securities fraud. Moreover, the entwined system of digital currencies, digital assets, and fiat money is at risk of triggering a crash similar to that of the Terra/Luna cryptocurrency in 2022.
Digital currencies are convenient for receiving funds, but publishers face complex financial issues, possibly at a regulatory level, when users are scammed or transaction issues arise. If a user is scammed or stolen from, it is nearly impossible to get help, prosecute, or take legal action when using a decentralized digital currency.
In the Metaverse, we can expect to artificially inflate the value of digital assets through false endorsements, promotions, and investments. For example, the value of virtual ‘land’ is highly impression dependent and can be manipulated by a variety of factors.
Social engineering
Social engineering is a broad term for malicious interactions between humans aimed at tricking users into making security mistakes or revealing sensitive information. Social engineering scams are more successful when scammers have more information about their targets. In the Metaverse, operators can use personal information such as gaze, body, voice, and motion tracking to conduct accurate sentiment analysis. All this data is collected and can be stolen or misused.
Criminals and nation-state actors will seek out sensitive and vulnerable groups on specific topics and try to influence them by dropping targeted stories. The metaverse is ideal for deepfakes for criminal purposes. Combining audio and video makes for a powerful voice (and manipulation tool).
Metaverse operators should also be wary of intruders who attempt to mislead Metaverse users by impersonating official avatars. In this case, deepfakes may not be necessary as the avatar’s assets can be easily harvested and replicated. If you can spoof an official avatar skin, you can infiltrate the Metaverse space and do bad things, damaging the image of the impersonated company.
Criminals can also use the metaverse to impersonate doctors and get paid for giving fake medical advice to patients. Fraud in a broader sense includes building fake news worlds and using them as VR honeypots for sensitive information gathering, or malicious advertisers selling trojanized digital products.
As the Metaverse transcends physical boundaries, people will be easily exposed to scammers from all over the world, and social engineering crimes will become more serious.
Summary
The Metaverse is the next evolutionary step in augmented, mixed and virtual reality. The Metaverse uses new technologies to provide users with a fully immersive experience, the Internet of Experiences (IoX). In the Metaverse, users have the impression of participating in real-world events.
The Metaverse Development Services is a layer added to the Internet with the goal of providing transparent connectivity to any device. But it doesn’t seem like developers are heeding the advice of their decades-old predecessors and designing for security and privacy. Every effort must be made to prevent the Metaverse from becoming a rogue and dangerous space infested with criminals. Developers should incorporate technical and social safeguards from the beginning. Without such safeguards, the Metaverse could become an even more dangerous space than the current Internet.
0 notes
cavixorg · 2 years
Text
Peer-to-peer cryptocurrency MOB Coin was created by MobileCoin Inc., which Josh Goldbard & Shane Glynn formed in 2017. It emphasizes transactional anonymity (fungibility), usability, transaction speed, minimal influence on the environment, and low fees. The foundations of MobileCoin are based on Monero (for privacy) and Stellar (for consensus), and use CryptoNote and zero-knowledge proofs to obscure the specifics of user transactions. The MOB Coin startup asserts that its coin is faster than most others at facilitating decentralized payments for routine transactions. One-dimensional cryptocurrency blockchain for MOB Coin. The consensus protocol used by blocks was first created for the Stellar payments system. Elliptic-curve cryptography is used for the SGX secure enclaves where transactions are validated. Merkle proofs of membership and multilayered linkable ring signatures are used to demonstrate the existence of transaction inputs in the blockchain. Pedersen commitments are used to conceal output amounts, and non-interactive zero-knowledge proofs are used to demonstrate that the output amounts fall within a valid range.

MOB Coin History

Joshua Goldbard & Shane Glynn established MobileCoin Inc., the organization that powers MOB Coin, in 2017. Moxie Marlinspike from Signal provided early technical guidance. The goal of the coin is to create a usable cryptocurrency that focuses on quick transactions. In a fundraising deal led by Binance Labs in May 2018, MobileCoin received $29.7 million in return for 37.5 million coins. The foundation raised $66 million in Series B fundraising in August 2021 and $11.35 million in venture capital in March 2021. Global peer-to-peer payments using MobileCoin are supported by in-app purchases through Signal and Mixin Messenger. FTX and Bitfinex, two cryptocurrency exchanges, list MobileCoin for trade.

Programmers, like Stephen Diehl, who labeled it a pump-and-dump scheme, and security specialist Bruce Schneier, who had previously lauded the app, criticized the addition of MOB Coin wallets to the well-known security messaging software Signal. This, according to Schneier, would overweight the app and draw the wrong kind of attention from the monetary regulators.

MOB Moving Averages And Oscillators Of Interest For Saturday, December 3, 2022

Indicators that are frequently used on all financial markets are moving averages. A trend analysis (MA) is used to smooth price movement over a specific period of time. Being a lagging indicator, moving averages are dependent on prior price movement. Simple trend analysis (SMA) and exponentially weighted moving average (EMA) are the two forms of moving averages that are shown in the table below.

Based on the classical pivot point (P1) for today, which is $ 1.221240, MobileCoin offers support levels of $ 1.050578, $ 0.939626, and $ 0.768963, with the last being the strongest. The resistance levels for MobileCoin are also around $ 1.332193, $ 1.502855, and $ 1.613808.

The prices of Celo (CELO), ApeCoin (APE), Dogecoin (DOGE), Frax (FRAX), and Helium (HNT) were most positively correlated with MOB Coin over the previous week, while sUSD (sUSD), Fei USD (FEI), Trust Wallet Token (TWT), Kava (KAVA), and Cronos (CRO) were most negatively correlated.

MobileCoin Price Correlated

With a value of -0.139 for the top 10 cryptocurrencies by market capitalization, excluding Tether (USDT), and a value of -0.108 for the top 100 coins by share value, excluding all stablecoins, the MOB Coin price is negatively connected. Currency movements of one have a statistically meaningful weight to influence those of the other when they are favorably associated with MobileCoin. When MobileCoin moves one way while other currency that are negatively associated with it move the other way, the latter coin will also move in that same manner.

What Is The Expected Price Of MobileCoin Today?

According to our MOB Coin price prediction, MOB Coin price will fall by -1.86% and reach $ 1.112249 by December 8, 2022. Our technical analysis indicates that the mood toward MOB Coin right now is adverse. Most technical indicators are indicating sell. By taking into account on-chain and off-chain measures as well as chart patterns that account for MobileCoin's historical price performance, you can MOB Coin price prediction cryptocurrency prices. To determine if investors are bullish or pessimistic about MobileCoin, you may also assess market sentiment. Remember that no prediction of the future can be made with 100% accuracy, and past performance does not guarantee future outcomes.

What Are The Major Price Levels For Mobilecoin?

The $ 1.050578, $ 0.939626, and $ 0.768963 buying pressure and the $ 1.332193, $ 1.502855, and $ 1.613808 resistance levels are MOB Coin price levels. Breaks from certain levels in price could signal further volatility in the following days. The current MobileCoin estimate for 2022 is bearish based on a number of technical quantitative indicators. This might be a sign that purchasing MobileCoin in 2022 would be a mistake. Before deciding whether to purchase MobileCoin or not, it's crucial to take into account both technical (price history) and basic (on-chain activity and growth) elements.

What Relationships Do Other Assets And Mobilecoin Have?

Celo (CELO), ApeCoin (APE), Dogecoin (DOGE), Frax (FRAX), and Helium (HNT) have the strongest positive correlations with MobileCoin. If there is a positive connection, then these coins frequently trend in the exact direction all at the same time. The coins that MOB Coin has the lowest correlation with are sUSD (sUSD), Fei USD (FEI), Trust Wallet Token (TWT), Kava (KAVA), and Cronos (CRO). As a result, the price of MobileCoin often moves in the opposite direction from that of these coins.

How Can I Interpret Mobilecoin Charts To Forecast Price Changes?

Candlestick charts are used by most traders because they offer more insight than a straightforward line chart. The price activity of MOB Coin is represented by candlesticks, which traders may watch at several levels of granularity. For example, investors could choose a five minute bar chart to see very short-term market action or a weeklong candlestick chart to see long-term patterns. The most common candlestick charts are those for one hour, four hours, and one day.

Let's take a look at a 1-hour chart to see how this kind of price chart might tell us about starting and closing values. The chart is broken into "candles" that provide data on MOB Coin price movement every hour. Each candlestick will show the opening and closing values for MOB as well as the lowest and highest prices MOB Coin experienced over the preceding hour. The color of the candle should also be taken into consideration; a green candle indicates that the book value was greater than the offering price, while a red flame indicates the opposite. Instead of using colors to illustrate the same idea, some charts will employ candlestick bodies that are hollow or filled.

What Factors Influence Mobilecoin's Price?

The supply and demand factors influence the price of MobileCoin, just like they do for any other asset. Fundamental occurrences like transaction reward halvings, hard forks, or new protocol modifications can have an impact on these dynamics. Regulations, adoption by businesses and governments, hacking of cryptocurrency exchanges, and other actual occurrences can all impact MOB Coin price. In a short amount of time, MobileCoin's market capitalization might vary considerably.

Many traders also attempt to track the activity of MOB "whales," which are organizations and people with significant MOB holdings, in order to construct a MOB Coin price prediction. Because the MobileCoin industry is so small in comparison to other markets, a single "whale" might have a significant impact on price changes.

MobileCoin Price Forecast

Currently, the MOB Coin price is below the 200-day simple moving average (SMA). Since Dec. 3, 2022, the 200-day SMA has been indicating SELL for the last 0 days. Since November 26, 2022, when MOB Coin price fell below the 50-day SMA, this signal has been indicating SELL for the past seven days.

Our most recent MOB Coin price prediction indicates that by December 8, 2022, its value will have decreased by -1.86% and will be equal to $ 1.112249. Our technical indicators indicate that the current mood is bearish, and the Fear & Greed Index is currently at 27 (Fear). In the past 30 days, MobileCoin saw price volatility of 39.55% while recording 12/30 (40%) green days. Our MOB Coin price prediction indicates that this is not the ideal moment to purchase MobileCoin.

According to data from December 3, 2022 at 20:55, there is a general bearish sentiment towards the price prognosis of MobileCoin, with 12 technical indicators indicating bullish signs and 14 indicating bearish signals.

Price Forecast For Mobilecoin (MOB) In 2024

The MOB Coin price is anticipated to cross an average price level of $2.63 in 2024, while the anticipated price cap value of MobileCoin by both the end of the current year should really be $2.54. This is according to the MOB Coin price prediction and technical analysis. Additionally, MOB has a maximum price level of $3.03.

The price of MobileCoin is anticipated to range from $1.69 to $1.90 in January 2024, while the average selling price of MOB in January remains at or near $1.85. The MobileCoin (MOB) pricing for February 2024 is expected to range between a minimum of $1.83 and a maximum of $1.97. In February 2024, the average price of MOB is anticipated to be $1.92.

MobileCoin has a remarkable potential to soar to new heights in terms of pricing. The value of MOB is anticipated to rise. Specific specialists and business analysts MOB Coin price prediction will reach its greatest price of $0.00000119 by 2030. The value of MobileCoin is anticipated to climb further because scarcity often leads to price increases. Please be aware that every investment carries some risk. Before making any decisions, just concentrate in what you can do and do the most research you can.

Price Forecast For Mobilecoin (MOB) In 2025

The MOB price is anticipated to surpass an average price level of $3.64 in 2025, and the anticipated minimum bid value of MobileCoin by the end of the present year should be $3.51, according to the projected price and technical analysis. Additionally, MOB has a max price level of $4.39.

The least anticipated price for MobileCoin (MOB) in January 2025 is $2.52, and the highest price is expected to be about $2.84. In January 2025, the average price of MOB is anticipated to be $2.76. MobileCoin is expected to trade between such a high of $3.45 and a low of $3.04 in June 2025, with an average price of $3.17. MobileCoin is expected to trade between such a maximum of $4.39 and a low of $3.51 in December 2025, with an average price of $3.64.

Price Forecast For Mobilecoin (MOB) In 2026

The MOB price is anticipated to cross a $5.13 average price level in 2026, and at the end of the current year, MobileCoin should be valued at a minimum of $4.95, according to the MOB Coin price prediction and technical analysis. Additionally, MOB has a $5.98 maximum price level.

According to MOB Coin price prediction, MobileCoin will cost a minimum of $3.46 in January 2026. The greatest price for MobileCoin is $3.93, with an average transaction value of $3.82 in US dollars. By the end of February 2026, the going value of MobileCoin (MOB) may reach $3.93. MOB may trade at a highest benefit of $4.08 and a minimum anticipated price of $3.75. The cost of MobileCoin is anticipated to be at least $4.95 in December 2026. MobileCoin's price ranges from $5.13 to $5.98 with a maximum price of $5.98.

Price Forecast For Mobilecoin (MOB) In 2030

The MOB Coin price prediction to cross an average price level of $23.56 in 2030, and the anticipated minimum price value of MobileCoin by the end of this year should be $22.77, according to the forecast price and technical analysis. Additionally, MOB has a maximum market price of $26.34.

According to the MOB Coin price prediction for January 2030, the MOB might go as high as $17.18 and as low as $15.11. When discussing typical prices, MOB might be as high as $16.70 in January. The highest MOB Coin price prediction is anticipated to be around $17.85 in February 2030.
0 notes
stocklivemarket · 2 years
Text
0 notes
coke-zettelkasten · 2 years
Text
The iPhone hacker George Hotz wants to work for Twitter for 12 weeks - Magazin - 1E9
George Hotz (iPhone/PS3 hacker) and Moxie Marlinspike (Signal) want to help out at Twitter ...
0 notes
mariacallous · 1 year
Text
Elon Musk's long-promised launch of encrypted direct messages on Twitter has arrived. Like most attempts to add end-to-end encryption to a massive existing platform—never an easy proposition—there's good, bad, and ugly. The good: Twitter has added an optional layer of security for a small subset of its users that has never existed in Twitter's 16-plus years online. As for the bad and ugly: Well, that list is quite a lot longer.
Yesterday night, Twitter announced the release of encrypted direct messages, a feature that Musk had assured users was coming from his very first days running the company. To Twitter's credit, it accompanied the new feature with an article on its help center breaking down the new feature's strengths and weaknesses with unusual transparency. And as the article points out, there are plenty of weaknesses. 
In fact, the company appears to have stopped short of calling the feature "end-to-end" encrypted, the term that would mean only users on the two ends of conversations can read messages, rather than hackers, government agencies that can eavesdrop on those messages, or even Twitter itself.
"As Elon Musk said, when it comes to Direct Messages, the standard should be, if someone puts a gun to our heads, we still can’t access your messages," the help desk page reads. "We’re not quite there yet, but we’re working on it."
In fact, the description of Twitter's encrypted messaging feature that follows that initial caveat seems almost like a laundry list of the most serious flaws in every existing end-to-end encrypted messaging app, now all combined into one product—along with a few extra flaws that are all its own.
The encryption feature is opt-in, for instance, not turned on by default, a decision for which Facebook Messenger has received criticism. It explicitly doesn't prevent “man-in-the-middle” attacks that would allow Twitter to invisibly spoof users' identities and intercept messages, long considered the most serious flaw in Apple's iMessage encryption. It doesn't have the “perfect forward secrecy” feature that makes spying on users harder even after a device is temporarily compromised. It doesn't allow for group messaging or even sending photos or videos. And perhaps most seriously, it currently restricts this subpar encrypted messaging system to only the verified users messaging each other—most of whom must pay $8 a month—vastly limiting the network that might use it.
“This clearly is not better than Signal or WhatsApp or anything that uses the Signal Protocol, in terms of features, in terms of security,” says Matthew Green, a professor of computer science at Johns Hopkins University who focuses on cryptography, referring to the Signal Messenger app that's widely considered the modern standard in end-to-end encrypted calling and texting. Signal's encryption protocol is also used in both WhatsApp's encrypted-by-default communications and Facebook Messenger's opt-in encryption feature known as Secret Conversations. (Both Signal and WhatsApp are free, compared to the $8 per month for a Twitter Blue subscription that includes verification.) “You should use those things instead if you really care about security,” Green says. “And they’ll be easier because you won’t have to pay $8 a month.”
“On the positive side,” Green adds, “hey, it’s a first step, maybe it’ll get better.”
Musk has praised Signal in comments to Twitter's staff, and even said that he'd spoken with Signal's creator, Moxie Marlinspike, about similarly encrypting Twitter's DMs—a goal that Marlinspike himself shared when he briefly led Twitter's security team nearly a decade ago.
So Green—who has consulted at both WhatsApp and Facebook in their rollouts of encryption features based on Signal's protocol—was surprised to see that Twitter's encrypted messaging feature lacks so many of the positive properties of Signal and WhatsApp's end-to-end encryption. Beyond its lack of support for encrypted photos, videos, and group chats—key features of both Signal and WhatsApp—it also excludes the Signal protocol's constantly changing cryptographic keys, which are used to encrypt each message and never repeat.
That feature of Signal is what ensures “perfect forward secrecy,” the security property that if a device is somehow compromised and the private key that decrypts messages is stolen, an eavesdropper still can't spy on future messages to and from that user. “I'm a little baffled by the lack of perfect forward secrecy,” says Green. “That's a basic feature of the Signal protocol.”
Twitter writes in its help center explanation that it essentially couldn't make that feature work while preserving the ability to access DMs when the user logs in on a new device. “We don’t plan to address this limitation,” the article reads.
Then there's the company's professed inability to stop “man-in-the-middle” attacks, in which Twitter itself could spoof users' identities to intercept their messages. In end-to-end encryption systems, messages are encrypted with an intended recipient's public key, such that only the recipient's private key—which is safely stored on the recipient's device—can decrypt them. But Twitter could trick a user—or even be compelled to do so by a government—so that their device invisibly encrypts messages to an eavesdropper's public key instead. Those messages could then be read and then re-encrypted with the intended recipient's key before they're sent on.
Apple's iMessage, which is otherwise considered a relatively strong end-to-end encryption system, has long suffered from this same vulnerability. But WhatsApp and Signal attempt to prevent man-in-the-middle attacks by allowing users to check a key “fingerprint” that ensures they're encrypting messages to the intended recipient. For now, Twitter has no such fingerprint-checking feature, though it says that it will add it soon.
That missing feature may be part of why Twitter has so far declined to even claim that it offers true end-to-end encryption, the "can't-read-your-messages-with-a-gun-to-our-head" feature Musk has promised.
"This appears to be a hasty deployment of a product that isn’t quite fully baked yet," says Riana Pfefferkorn, a security researcher at Stanford University's Internet Observatory. She points out that Zoom was penalized by the Federal Trade Commission in 2020 for claiming that it offered "end-to-end" encryption when it didn't—and that Twitter's reluctance to use the term may be a sign that it's not sure its system could meet that “end-to-end-encrypted” standard.
While Twitter is remarkably transparent about its encrypted DM feature's shortcomings on its help center page, Pfefferkorn worries that its flaws may not be as clear in the actual web and app interface that users see. “I think it was a good choice for the help page to try from the very first paragraph to manage expectations,” she says. “It remains to be seen whether Twitter users will believe that encrypted DMs offer more privacy and security than they actually do.”
Perhaps the most serious drawback to Twitter's encrypted DMs is simply that very few of its users will have the ability to send or receive them. The feature, at least for now, only works between two verified accounts, both of which must be verified institutions or users who pay $8 a month for their blue check mark. “This shouldn’t be something you have to pay for,” says Green. “You shouldn’t have to pay for basic security.”
The notion of end-to-end encrypted Twitter DMs might one day offer a crucial new method of finding someone online and sending them a secret message; after all, Signal and WhatsApp's biggest drawback is that both require you to know a person's cell phone number, while Twitter DMs allow strangers to interact more freely. But as long as the encrypted DM feature is only available to send messages to and from verified accounts, its network will, by some measures, be even more restricted, limited to only a tiny fraction of Twitter's overall users.
For Twitter's security-conscious users, there remains only one way to send someone an encrypted message, and it hasn't changed in years: Send someone a DM, ask for their Signal number, and use Signal to start an actual end-to-end encrypted conversation.
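The key-fingerprint check described in the article above, as an added example that is not part of the original post and is not Signal's, WhatsApp's or Twitter's code. The 60-digit format is a simplified sketch of a safety-number style fingerprint; `KeyDirectory`, the iteration count and the placeholder keys are assumptions made for the illustration.

```python
import hashlib

ITERATIONS = 5200  # assumed work factor for this sketch

def _half(user, public_key):
    """30 decimal digits bound to one user's identifier and public key."""
    digest = b"\x00\x00" + public_key + user.encode()
    for _ in range(ITERATIONS):
        digest = hashlib.sha512(digest + public_key).digest()
    chunks = (digest[i:i + 5] for i in range(0, 30, 5))
    return "".join(f"{int.from_bytes(c, 'big') % 100000:05d}" for c in chunks)

def fingerprint(me, my_key, peer, peer_key):
    """Order-independent 60-digit value the two users compare out of band."""
    return "".join(sorted([_half(me, my_key), _half(peer, peer_key)]))

class KeyDirectory:
    """Hypothetical stand-in for the service that hands out public keys."""
    def __init__(self, keys):
        self._keys = dict(keys)
        self._swaps = {}  # (requester, target) -> key served instead
    def substitute(self, requester, target, key):
        self._swaps[(requester, target)] = key
    def lookup(self, requester, target):
        return self._swaps.get((requester, target), self._keys[target])

def constructed_key(label):
    """Constructed 32-byte placeholder standing in for a real public key."""
    return hashlib.sha256(label.encode()).digest()

def displayed_fingerprints(directory, keys):
    """What Alice's and Bob's devices would each show for their chat."""
    for_alice = fingerprint("alice", keys["alice"], "bob",
                            directory.lookup("alice", "bob"))
    for_bob = fingerprint("bob", keys["bob"], "alice",
                          directory.lookup("bob", "alice"))
    return for_alice, for_bob

KEYS = {"alice": constructed_key("alice"), "bob": constructed_key("bob")}
honest = KeyDirectory(KEYS)
tampered = KeyDirectory(KEYS)
# The service serves its own key in both directions, as in the scenario above.
tampered.substitute("alice", "bob", constructed_key("eavesdropper"))
tampered.substitute("bob", "alice", constructed_key("eavesdropper"))

if __name__ == "__main__":
    for name, directory in (("honest", honest), ("tampered", tampered)):
        a, b = displayed_fingerprints(directory, KEYS)
        print(name, "match" if a == b else "MISMATCH: stop and verify keys")
```

The comparison only helps if the two values are exchanged over a channel the key-serving party does not control, such as in person or by voice.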
darnellclayton · 2 years
This is actually long overdue, & would be worth renewing my subscription for @TwitterBlue (provided they offered an ad free tier—say for $15/month).
He went on to praise Signal, the encrypted chat app that is run as a non-profit. He said he had spoken with its creator, Moxie Marlinspike, who is now “potentially willing to help out” with encrypting Twitter DMs.
“Ironically, Moxie Marlinspike worked at Twitter and actually wanted to do encrypted DMs several years ago, [but] was denied that and then went and created Signal,” Musk said. […]
Musk went on to say that “we also want to have the ability to do voice and video chat via DMs.” He acknowledged that Signal requires the sharing of a phone number to start a thread and that, thanks to its account system, Twitter can facilitate secure calling “so that you don’t have to give someone your phone number.”
Believe it or not, a defederated Mastodon-based instance known as Counter Social already has this feature (I think it’s powered by Matrix‽). It’s a good idea, but with limited support from employees it will be interesting to see if Elon can pull this off.
I am on Counter Social (if anyone wants to follow me there): Counter.Social/@darnell
telodogratis · 2 years
Twitter, first hires: former hacker Geohot arrives. Twitter Blue still on pause
Signal's Moxie Marlinspike could make direct messages more secure. After getting rid of about two-thirds of Twitter's 7,500 employees in three weeks, Elon Musk is starting to make new hires. The positions being sought have not been specified and there are currently no specific job listings, but during a meeting with the entire current workforce, Musk said that “in terms…